General

  • Target

    370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b

  • Size

    2.3MB

  • Sample

    240604-njb25afa63

  • MD5

    bb4c60b21b9e22d4ec5d616b287f1bc8

  • SHA1

    0b176055066076f1f54979e042e0b9ab31318ac1

  • SHA256

    370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b

  • SHA512

    d71da4987a549a07050b26a6e2754b259535b8663e40ca0d53a8a7d909fb1a742decd445437e405ec06fcaea070c575462495d1fdd92deb538b8880259e4bf3b

  • SSDEEP

    49152:hkmKhyq24kI3qebVahCWKu7BP/2mgAkdhqqIgRM:hkmKEqlkAbkhC9SPxgd7q

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b

    • Size

      2.3MB

    • MD5

      bb4c60b21b9e22d4ec5d616b287f1bc8

    • SHA1

      0b176055066076f1f54979e042e0b9ab31318ac1

    • SHA256

      370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b

    • SHA512

      d71da4987a549a07050b26a6e2754b259535b8663e40ca0d53a8a7d909fb1a742decd445437e405ec06fcaea070c575462495d1fdd92deb538b8880259e4bf3b

    • SSDEEP

      49152:hkmKhyq24kI3qebVahCWKu7BP/2mgAkdhqqIgRM:hkmKEqlkAbkhC9SPxgd7q

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks